Content-Type - Only process specific content types
Response Code - Only process specific HTTP status codes
URL Extension - Only process specific file extensions
Request Modification
Modify the HTTP method:
POST → GET
GET → POST
Toggle between methods
Match and Replace
Apply find/replace rules to requests before sending. See Match and Replace.
Complete Example: CORS Misconfiguration
This profile:
Injects https://{REDIRECT_DOMAIN} as the Origin header value
Checks response headers for Access-Control-Allow-Credentials: true AND either Access-Control-Allow-Origin: https://{REDIRECT_DOMAIN} or Access-Control-Allow-Origin: null
Reports a Low severity CORS Misconfiguration issue
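
The response check this profile describes, written out as an added Python example (not the tool's own code or profile format). The function names, the sample responses and the `redirect.example.test` origin standing in for `https://{REDIRECT_DOMAIN}` are constructed for illustration, and the exact-value header comparison is an assumption about how the match is applied.

```python
# Added example: the CORS response check described above, not the tool's own code.
PROBE_ORIGIN = "https://redirect.example.test"  # assumed stand-in for https://{REDIRECT_DOMAIN}


def parse_headers(raw_response: str) -> dict[str, list[str]]:
    """Map lower-cased header names to their values, reading only the header block."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cors_misconfigured(raw_response: str, probe_origin: str = PROBE_ORIGIN) -> bool:
    """True when credentials are allowed AND the probe origin (or null) is allowed."""
    h = parse_headers(raw_response)
    creds = "true" in h.get("access-control-allow-credentials", [])
    acao = h.get("access-control-allow-origin", [])
    return creds and any(v in (probe_origin, "null") for v in acao)


# Constructed sample responses to a request sent with "Origin: https://redirect.example.test".
SAMPLES = {
    "reflected": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://redirect.example.test\r\n"
                 "Access-Control-Allow-Credentials: true\r\n\r\n{}",
    "null_origin": "HTTP/1.1 200 OK\r\naccess-control-allow-origin: null\r\n"
                   "access-control-allow-credentials: true\r\n\r\n{}",
    "no_credentials": "HTTP/1.1 200 OK\r\n"
                      "Access-Control-Allow-Origin: https://redirect.example.test\r\n\r\n{}",
    "wildcard": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n"
                "Access-Control-Allow-Credentials: true\r\n\r\n{}",
    # The credentials string appears only in the body, so it must not count as a header.
    "body_only": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: null\r\n\r\n"
                 "Access-Control-Allow-Credentials: true",
}


def flagged(samples: dict[str, str] = SAMPLES, probe_origin: str = PROBE_ORIGIN) -> list[str]:
    """Names of the sample responses that would raise the issue."""
    return [name for name, raw in samples.items() if cors_misconfigured(raw, probe_origin)]


if __name__ == "__main__":
    print(flagged())
```

Only the responses that combine the credentials header with the injected or null origin are flagged; a server that validates Origin against a fixed allowlist before echoing it never reaches that state.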